Add new appliance information

Deploying an I Series Appliance | Forcepoint Web Security Cloud

To add your new appliance information in the portal:

Go to the Web > Network Devices > Device Management page.

Click the New button above the table, then click Add Appliance.

You are taken to the Add Appliance page.

Under General Settings:

Use the toggle at the top of the page to indicate whether this appliance is used for filtering (ON is the default). When filtering is set to OFF, the appliance can communicate with the cloud service, but allows all web traffic to pass through unfiltered.

Enter a unique appliance Name (1 - 512 alphanumeric characters) and Description (maximum length 1024 characters).

Select a Default policy for this appliance, and the Time zone used to apply policy settings.

You will have a chance to apply different policies to different internal networks managed by this appliance later.

If you are using transparent NTLM authentication and your appliance is not connected to a local Active Directory instance, enter the Authentication domain that forms part of your users' NTLM identity. The NTLM domain is the first part of the domain\username with which users log on to their Windows PC; for example, MYDOMAIN\jsmith.


	Important You must configure your end users' browsers to support transparent NTLM authentication, either manually or via GPO or similar. See Configuring browsers for NTLM identification.

If you have connected your appliance to a local Active Directory for NTLM authentication, this field is not required because the appliance automatically retrieves domain information from the local directory.

Select a time period after which a user's login and password must be revalidated from the Session timeout drop-down list. The default is 1 day.

Forward traffic to the cloud for advanced analysis is selected by default. This redirects appropriate traffic to the nearest cloud service data center for additional analysis. Clear this check box if you do not want any traffic to be forwarded to the cloud. All traffic will be analyzed through the appliance, without any cloud analytics.

Configure a Certificate Authority

Under Certificate Authority:

Use the drop-down list to indicate whether to Upload certificate files, or Use default certificate.

Important

Forcepoint recommends that you define certificates when you add an appliance, in order to avoid browser warnings regarding SSL termination block, authentication, or quota/confirm operations. Some browsers, for example later versions of Chrome, may block the transaction and display an error message.

Be sure to:

Generate a CA certificate. Each appliance should have a valid X.509 identity certificate with an unencrypted key. This certificate can be generated using a variety of tools, for example OpenSSL. For details and an example, see Generating an appliance certificate.

Import this certificate to all relevant browsers.

Upload this certificate to each appliance as described below.

To use the cloud service SSL decryption feature, you must also install the Forcepoint root certificate on each client machine. See Enabling SSL decryption in the cloud portal Help.

If you have selected to upload certificate files, click Browse to navigate to the public certificate file, then click Open to populate the Public certificate field.

Next, click Browse to navigate to the private key file, then click Open to populate the Private key field. The private key must be in either PEM or .key format.

If you have chained certificates, click Browse and navigate to the intermediate certificate, then click Open to populate the Chained certificate field.

The certificate chain should include the root CA, and optionally additional intermediate CAs.